One of the most profound changes in the modern business landscape has been the gradual shift to the Subscription Economy. In years gone by, you handed over your hard-earned money and in return received a product or service that was yours to keep. Now, both companies and consumers are ditching the traditional pay-per-product approach in favor of the as-a-service model – an arrangement that offers greater flexibility for consumers and more predictable, stable income for businesses. In most cases, it’s a better all-round experience for everyone involved.

Sadly, it’s not just Netflix and Spotify that have adopted this way of offering their services. In the dark recesses of the digital underworld, malware authors hawk ransomware subscriptions that are swiftly snapped up by buyers with unscrupulous motives. A relatively recent phenomenon, Ransomware as a Service (RaaS) allows anyone with an internet connection – regardless of their technical literacy – to purchase powerful ransomware via the Dark Web and carry out devastating encryption attacks against the targets of their choice.

How does Ransomware-as-a-Service work?

Ransomware itself is a special type of malware that is designed to encrypt your files and render them inaccessible until you fork over a sum of cash (usually in the form of bitcoin or another cryptocurrency). You can get further insight into how ransomware works in our previous blog post here.

In the past, only those with strong technical chops could execute a successful ransomware attack, but Ransomware-as-a-Service has changed all that thanks to the proliferation of user-friendly ransomware kits, which contain everything one might need to launch a successful ransomware attack.

These kits are typically hosted on portals buried deep in the Dark Web, where buyers can “safely” deploy the ransomware away from prying eyes. Many RaaS kits require no upfront cost to use or deploy; instead, the author receives a commission (typically 20-40 percent) of any illegal earnings, making RaaS – for all intents and purposes – an affiliate scheme. This makes it a lucrative business model for buyers and ransomware authors alike, as both parties are able to cash in on the ransomware on an ongoing basis.

After gaining access to a RaaS kit, buyers then need to distribute it either independently or via a paid service. Attack vectors can take many forms, with phishing being one of the most common methods due to how readily unsuspecting users will click on foreign links and execute unfamiliar programs.

Alternatively, RaaS kit buyers may seek out systems with unguarded remote desktop protocol by purchasing a list of vulnerable machines or scanning the internet for them using widely available tools. The RaaS process might look something like this:

Malware author(s) create a RaaS kit for a cybercrime group.

The group promotes the RaaS kit on the Dark Web and other platforms.

Buyer purchases the RaaS kit.

The buyer distributes the ransomware either on their own or with the help of a dedicated distribution service.

If successful, the targets are infected!

Examples of infamous Ransomware-as-a-Service

Satan

First spotted in early 2017, Satan RaaS allows affiliates to effortlessly create and deploy their own ransomware in a matter of minutes. Satan RaaS is free to use, but ransomware authors receive a 30 percent cut of any ill-gotten gains. Satan RaaS is particularly notable for its ease of use, professional-looking GUI that features simple customization options, handy distribution tips and even a metrics dashboard where users can keep track of infection rates, ransom generated and more.

Philadelphia

Philadelphia bucks the subscription model and instead can be purchased outright with a one-time upfront cost of $389. As far as commercial ransomware goes, this is definitely on the more expensive side of things, but the developers of Philadelphia justify it by providing a professional feature set that rivals most legitimate software. Buyers of Philadelphia gain access to an intuitive interface, lifetime access, the ability to generate unlimited ransomware samples and ongoing support and updates.

Cerber

Distributed through an underground Russian forum, Cerber is one of the most infamous examples of RaaS to date. In June 2016, an early iteration of Cerber caused massive headaches for Microsoft when millions of Office 365 users were exposed to the ransomware. Later, in September 2017, it was found that a U.S. government website was hosting a JavaScript downloader that delivered Cerber. Unlike some ransomware, Cerber doesn’t rely on network communication to function, meaning even offline machines that have been infected are at risk of having their files encrypted.

MacRansom

MacRansom puts to rest the lingering rumor that MacOS is somehow invulnerable to malware. In June 2017, researchers spotted portals on the Dark Web selling MacRansom, ransomware that – unlike the vast majority of ransomware – specifically targets Mac OS users. Affiliates keep a 30 percent cut of any ransoms generated, with the rest going to the ransomware authors. Interestingly, MacRansom is quite primitive compared to many Windows ransomware variants and requires a lot of manual input from the author, making it far less efficient than other RaaS.

The rise of Ransomware-as-a-Service

It’s no secret that ransomware attacks have exploded in popularity in recent times. In fact, as SonicWall reported, the number of ransomware attacks increased an astonishing 167 times over the course of a single year, rising from 3.8 million in 2015 to 638 million in 2016.

The growing availability of RaaS is largely to blame for this alarming trend. Fuelled by the sheer profit potential, 2016 saw the birth of almost a quarter of a million new ransomware variants, which helped cybercriminals generate about $1 billion through the use of ransomware. Meanwhile, the average ransomware demand more than tripled, rising from $294 in 2015 to $1,077 in 2016.

As the ransoms have grown larger, so too have the expectations of RaaS affiliates. While the ransomware of yesteryear was technically challenging to deploy for the average person, RaaS has become steadily more accessible and user friendly to meet the needs of criminals who may not be technologically inclined. Spurred on by ransomware such as Spora, whose interface and functionality resembles that of professional software, some modern RaaS is beautifully designed, intuitive to use and even features handy help guides.

English version of the Spora ransom payment site.

The way RaaS is marketed has also become more advanced. Once confined to the Dark Web, malware groups are getting increasingly brazen when it comes to marketing tactics and have begun encroaching on the Surface Web (the part of the internet that regular users inhabit).

For example, part of Philadelphia’s promotional campaign included a high-quality YouTube introductory video highlighting all the ransomware’s features and how new users can get started. Similarly, the author(s) of Karmen released a short instructional YouTube video showing the ransomware in action. See it for yourself in the following YouTube video from Recorded Future, who rehosted the video and removed the links to the ransomware.

What are the risks for businesses?

Businesses of all sizes face an ever greater risk as RaaS becomes more accessible, but it’s not the ransom itself that’s the killer – it’s the downtime. About 1 in 6 ransomware infections result in more than 25 hours of downtime, according to figures collated in a recent industry report, with some organizations reporting disruption lasting in excess of 100 hours. With staff unable to make sales, provide support or talk to prospects, it’s easy to see how RaaS can indirectly cost small- and medium-sized businesses tens of thousands of dollars in lost revenue.

Because RaaS attacks are commonly used to target specific companies or industries in order to maximize profits, some sectors are innately at far greater risk than others. In fact, according to research from Dimension Data, four industries account for 77 percent of all ransomware attacks:

Business and Professional Services (28%)

Government (19%)

Healthcare (15%)

Retail (23%)

If you operate in one of these sectors, it’s vital that you’re extra vigilant in order to minimize the risk of becoming a victim of a RaaS attack.

How to protect your company from ransomware attacks

As with all types of malware, when fortifying your system against attacks by one of the many Ransomware-as-a-Service affiliates, it’s wise to take a multipronged approach, including:

Backups

Taking a proactive approach to RaaS is a good way to minimize the risk of infection, but for the ultimate peace of mind you need to know you can quickly restore your system in the event of an attack.

That’s where backups come in.

Both cloud and physical storage are very affordable these days, meaning there really is no excuse to not be making regular backups. For the ultimate peace of mind, we recommend abiding by the 3-2-1 rule:

Keep at least three copies of data on at least two different types of storage, at least one of which must be stored off premises. In a perfect world, all these copies would be identical and updated regularly (in real time, ideally).

Employee training

Accounting for almost 3 in 4 of all malware attacks, phishing is an incredibly popular attack vector and RaaS is no exception. With this in mind, one of the most critical things you can do to protect your organization from RaaS is bring all your employees up to speed on best safety practices to use when browsing the web and checking their emails.

Giving staff the support they need to learn how to identify suspicious messages and encouraging them to avoid potentially dangerous links and email attachments can go a long way toward reducing your risk of a RaaS infection.

Antivirus that uses behavioral blocking

New RaaS variants are being released at such a fast rate that it’s simply not possible for antivirus products that rely solely on a signature database to catch them all. As such, it’s important to use IT security software that incorporates behavioral blocking technology into its defense mechanisms.

By keeping an eye on your system and watching for suspicious behavior that may be caused by malicious software, Emsisoft Anti-Malware is able to identify all types of ransomware and put a stop to the guilty program before it can even lay a finger on your files.

Ransomware services are here to stay

The subscription economy has ushered in a new era of convenience and flexibility – and ransomware. As RaaS becomes more accessible, even the least technically minded criminals have the means to deploy targeted ransomware attacks on organizations and consumers around the world. Nevertheless, by staying proactive and using best security and backup practices, you can maximize your chances of keeping your business safe.

The past month has been dedicated to what our development team dubbed a ‘cleanup sprint’. If this conjured up images of dust-strewn developers dashing about with buckets and brooms, you’re not far from the truth. In lieu of big projects, this month we focused our efforts on important product maintenance work and cleaned up dozens of minor issues and improvements that had been waiting in the queue for a while.

Even if these releases are not as exciting as those that contain major changes, they are important as they improve product stability. Additionally, they pave the way for bigger projects to come.

How to obtain the new version

As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users, please download the full installer from our product pages.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Have a great, well-protected day!

Emsisoft is not Emisoft – Let’s talk about our name for a moment
https://blog.emsisoft.com/2017/11/20/emsisoft-not-emisoft/
Mon, 20 Nov 2017 12:30:42 +0000

Back in 2003 when I founded the business, I was researching for weeks for a nice company name. My main objective was that it should be easy to pronounce in most languages around the world. Any special characters such as the German umlauts (ä, ö, ü) were a no-go, as were accents and two-vowel combinations that are pronounced differently in other languages, like “eu”, “ae”, “ei” and so on.

Then I thought, okay, let’s give it some really cool, security-related name. But the truth is, I simply couldn’t identify with any combinations of virus/spyware/adware/malware/threat/pest/hacker-stopper/blocker/defender/destroyer/sweeper/buster/doctor/protection. I was actually looking for something that stands for a solid and honest business and not just start another short-lived buzzword brand name.

What led me to choosing the rather neutral “Emsi”

As a person who likes efficiency, my self-chosen nickname on ICQ in the early Internet days (pre 2000) was simply “mc”. Two letters – my initials. I spent quite some time on the newly established online chats, where I met lots of interesting people, some of whom are still my friends or business partners today. One of them thought it would be a funny idea to call me “Emsi”, which is the German notation of the English pronunciation of the letters “M” and “C”.

Emsi sounded more like an actual name, rather than initials, so I kept using it as my online nickname. Since my search for a fancy techy name didn’t lead anywhere (congratulations to the guys at Malwarebytes in that regard!), I chose “Emsisoft” as the new company name. A quick trademark search revealed that it wasn’t taken by anyone else yet, so I applied for the trademarks in various countries.

What’s the thing with “Emisoft”?

Honestly, I don’t know why, but at least one in ten people miss the “s” in “Emsisoft”. A quite high percentage of our website visitors google “Emisoft”, but Google shows results for the correctly spelled name “Emsisoft” anyway (thanks, Google!).

And that’s not the only search typo. Our website analytics show there are people coming to us through various search phrases like “emisisoft”, “mc soft”, “emissoft”, “emsisift” “emmisoft”, “emsisof”, “emsissoft”, “esmisoft”, “emsysoft” and “emsisfot” (okay, the last one is probably just a common typo).

But after running the business for more than 14 years, I still feel sorry for the unintended harm we do to the folks at “Emisoft”. Yes, it really exists! The Norwegian company specializes in environmental management systems and is not related to Emsisoft in any way. This is a prime example of how one letter can have a major impact on perception and confusion. If I had known that the first “s” in “Emsisoft” would be invisible (for some reason) to so many people, I probably would have chosen a different name.

A funny anecdote

Founding a company in Austria was always a bureaucratic nightmare. I initially applied for the business name “Emsisoft” but it was rejected by the authorities. The law back then required the name to be descriptive of the nature of the business, and they argued that “soft” could stand as well for a toilet paper manufacturer. Not joking! So, I initially had to go for “Emsi Software”, which our early customers may still remember.

Luckily, that funny law was made obsolete a couple of years later so I was able to officially rename the business to “Emsisoft”. During our move to New Zealand, the name was kept, of course.

Ransomware may have claimed the lion’s share of media headlines in 2017, but there’s another type of attack that has become increasingly common in recent months – fileless malware.

Deceptive, sneaky and undeniably effective, fileless malware is growing in popularity as cybercriminals trade in brute force for stealth. While some organizations claim traditional antivirus software is all but blind to fileless malware, the truth is that many IT security products are more than up to the challenge.

In addition, there are a few things you can do yourself to minimize the risk of infection and limit the fallout should something happen to slip past your defenses. Read on to find out how you can protect yourself from the ‘invisible’ threat that is fileless malware.

What is fileless malware?

Fileless malware goes by many names, including ‘non-malware’, ‘memory-based malware’ and ‘living off the land attacks’. Whatever you choose to call it, fileless malware refers to a special type of cyberattack that can infect a system with malware without leaving an executable file on disk. It’s not fileless in the sense that no files are involved whatsoever; rather, the term refers to the fact that – unlike conventional malware – fileless malware can deliver its payload without dropping anything suspicious onto a machine’s hard drive.

So, if fileless malware isn’t stored on your hard drive, where does it live?

1. In your RAM

Random access memory (RAM) is a form of computer data storage that allows information to be stored and retrieved temporarily. Some strains of fileless malware can reside in your RAM and remain there until executed without ever setting foot on your hard drive. This type of fileless malware is relatively rare because it can only survive until you restart your computer, which completely clears the RAM.

While this might seem like a futuristic concept, it’s worth noting that memory-resident malware has been around in one form or another for decades. For example, back in 2001, the Code Red worm spread like wildfire, infecting almost 360,000 computers by exploiting a vulnerability in Microsoft IIS web servers – all without leaving the RAM of the infected system.

2. In the Windows Registry

With the shortcomings of RAM-based malware in mind, cybercriminals have developed a new type of fileless malware that resides in the Windows Registry. The Windows Registry is an enormous database that stores low-level settings for the Windows operating system as well as all the applications that use the registry. Kovter and Poweliks are two examples of fileless malware that make use of the Windows Registry to infect users without leaving any incriminating files on disk.

In most cases, the malware relies on the use of native Windows tools such as PowerShell and Windows Management Instrumentation (WMI).

How does fileless malware end up on your machine? While the infection process can vary between malware families, it often looks something like this:

The exploit kit attempts to exploit vulnerabilities in the outdated plugin

If successful, the exploit kit starts running the payload in the memory of your browser process.

The infection is successful!

Why are fileless malware attacks becoming more common?

Fileless malware is on the rise. In fact, some reports estimate that as many as 4 in 10 businesses in the US were compromised by fileless malware in 2017.

What’s responsible for this trend?

It’s the path of least resistance. As noted, fileless malware does not reside on a computer’s hard disk. Some antivirus products rely solely on checking file attributes to determine whether a file is safe or potentially malicious and do not take into account the behavioral patterns of the attack. Fileless malware has less chance of being detected than conventional malware, which means the criminals have a higher chance of success, whether that’s encrypting your files, stealing your passwords or something similarly destructive.

Our users can rest assured that Emsisoft Anti-Malware makes use of advanced behavioral identification methods to recognize and stop both regular and fileless malware. However, not all antivirus products are so thorough and, given that there are no suspicious files to actually check, much fileless malware flies under the radar. There is simply less chance of being detected.

Another factor to blame for the increase in fileless malware attacks is the growing popularity of exploits as a service, a relatively new phenomenon in which criminals deploy cyberattacks on behalf of the buyer. This illegal service means that even the least tech-savvy criminals have the means to unleash a devastating fileless malware attack on the target of their choosing.

Fileless malware protection 101

There’s no denying that fileless malware is a sneaky critter, but the good news is that there are a number of things you can do as a user to minimize the risk of infection. Here are five ways to protect yourself against fileless malware:

1. Keep your apps and operating system up to date

One of the most effective ways to keep your system safe from malware is to simply keep all your software up to date with the latest security patches. As many as 85 percent of all targeted attacks can be prevented by simply applying the latest software patches, according to figures from the U.S. government. For the ultimate peace of mind, ensure auto updates are enabled in the settings of your applications.

2. Disable PowerShell

Windows PowerShell is a native Microsoft tool used for task automation and configuration management. Unfortunately, fileless malware often abuses PowerShell to run its payload. If you don’t need to use PowerShell (and most home users probably don’t), use the following steps to disable it:

Windows 10:

Press the Windows key

Type “Control Panel”

Open Control Panel

Click Programs

Click Turn Windows features on or off

Scroll down to Windows PowerShell and untick it

Click OK

3. Monitor traffic logs for suspicious traffic

Both fileless and conventional malware leave clues to their presence, most commonly as changes in your network traffic. If you notice network activity that differs substantially from the status quo, it’s possible that you have been infected.

There are many tools you can use to do this, including the native Windows Firewall. Check out this How-To Geek article for step by step instructions on using Windows Firewall logs to track network traffic and identify suspicious behavior.
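The Windows Firewall log analysis described above, as an added PowerShell example that is not Emsisoft's code or the How-To Geek procedure: it parses a pfirewall.log file and reports outbound destination/port pairs that never appeared during a baseline window. The log path, the baseline cut-off and the embedded sample entries (including the 198.51.100.7:4444 connection that the script should flag) are assumptions constructed for illustration.

```powershell
# Added example (not Emsisoft's code): parse a Windows Firewall log in the
# pfirewall.log layout and flag allowed outbound connections to destinations
# that were not seen during a baseline period.
$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"   # default location (assumption)

# Logging is off by default. Run once as Administrator to record allowed and
# dropped connections for every profile:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogAllowed True -LogBlocked True -LogFileName $LogPath

# Constructed sample in the pfirewall.log format so the script runs without a real log.
# 198.51.100.7:4444 only shows up after the baseline day and is exactly the kind of
# new, non-web destination that deserves a closer look.
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-11-20 09:00:01 ALLOW TCP 192.168.1.10 93.184.216.34 52100 443 0 - 0 0 0 - - - SEND
2017-11-20 09:00:05 ALLOW UDP 192.168.1.10 192.168.1.1 53412 53 0 - - - - - - - SEND
2017-11-20 09:05:10 ALLOW TCP 192.168.1.10 93.184.216.34 52101 443 0 - 0 0 0 - - - SEND
2017-11-20 09:06:00 DROP TCP 203.0.113.9 192.168.1.10 40000 445 0 - 0 0 0 - - - RECEIVE
2017-11-21 14:20:33 ALLOW TCP 192.168.1.10 198.51.100.7 52990 4444 0 - 0 0 0 - - - SEND
2017-11-21 14:20:34 ALLOW TCP 192.168.1.10 198.51.100.7 52991 4444 0 - 0 0 0 - - - SEND
2017-11-21 14:21:00 ALLOW TCP 192.168.1.10 93.184.216.34 52992 443 0 - 0 0 0 - - - SEND
'@

function ConvertFrom-FirewallLog {
    # Turn raw log lines into objects, taking the column names from the #Fields header.
    param([string[]]$Lines)
    $header = $Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*', '') -split '\s+'
    $Lines | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Delimiter ' ' -Header $fields |
        ForEach-Object {
            # Attach a real timestamp so entries can be compared against the baseline.
            $stamp = [datetime]::ParseExact("$($_.date) $($_.time)", 'yyyy-MM-dd HH:mm:ss', $null)
            $_ | Add-Member -NotePropertyName Timestamp -NotePropertyValue $stamp -PassThru
        }
}

function Find-NewOutboundDestinations {
    # Report allowed outbound (SEND) destination:port pairs first seen after $BaselineEnd.
    param([object[]]$Entries, [datetime]$BaselineEnd)
    $outbound = $Entries | Where-Object { $_.action -eq 'ALLOW' -and $_.path -eq 'SEND' }
    $known = $outbound | Where-Object { $_.Timestamp -le $BaselineEnd } |
        ForEach-Object { "$($_.'dst-ip'):$($_.'dst-port')" } | Sort-Object -Unique
    $outbound | Where-Object { $_.Timestamp -gt $BaselineEnd } |
        Group-Object { "$($_.'dst-ip'):$($_.'dst-port')" } |
        Where-Object { $known -notcontains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{
                Destination = $_.Name
                Protocol    = $_.Group[0].protocol
                FirstSeen   = ($_.Group | Sort-Object Timestamp | Select-Object -First 1).Timestamp
                Connections = $_.Count
            }
        }
}

# Use the real log when it exists, otherwise the constructed sample above.
$lines   = if (Test-Path $LogPath) { Get-Content $LogPath } else { $SampleLog -split "`r?`n" }
$entries = ConvertFrom-FirewallLog -Lines $lines
$baselineEnd = [datetime]'2017-11-20 23:59:59'   # assumption: day one is the known-good status quo
Find-NewOutboundDestinations -Entries $entries -BaselineEnd $baselineEnd | Format-Table -AutoSize
```

A new destination is a prompt to investigate the process behind it, not proof of infection; legitimate software updates and new websites will also appear here, so the baseline should be refreshed as normal usage changes.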

4. Use an antivirus with behavioral detection

As we mentioned earlier, detecting fileless malware can be a challenging task for some antivirus products that focus exclusively on file properties. With this in mind, it’s important to choose antivirus software that can analyze your system’s behavior and pinpoint suspicious activity. By recognizing changes to the system’s usual patterns of behavior, these security solutions can identify malicious activity and promptly block and remove the threat.

5. Adopt the principle of least privilege

A cornerstone of IT security, the principle of least privilege means ensuring that every user on the system has the lowest level of access needed to perform their task. This helps keep the damage to a minimum should a piece of fileless malware happen to slip past your computer’s defenses.

Is my current antivirus enough to protect against fileless malware?

The notion that fileless malware is completely invisible to conventional antivirus products is little more than marketing hype. Although fileless malware doesn’t reside on the hard drive, many modern IT security solutions have evolved past the point of simple file scanning and are more than capable of revealing and removing zero-day malware threats, regardless of where they choose to hide.

Fileless malware attacks could very well become even more common in the months and years ahead. But despite the sinister name and scaremongering from some organizations, the fact remains that reputable antivirus products such as Emsisoft Anti-Malware will be up to the challenge of keeping your computer safe from harm.

What’s your strategy for dealing with fileless malware? Let us know in the comments!

In October 2017, independent IT security product analysts AVLab set out to find which free antivirus product offers the best on-demand scanning. The results are in, and we’re delighted to announce that Emsisoft Emergency Kit came out on top, scoring a shiny award badge in the process.

AVLab testing methodology

An antivirus’ ability to identify and remove digital threats hinges on whether or not it can actually detect malicious files. This was the core focus of AVLab’s most recent tests.

The testing took place on a virtual image of Windows 10 Professional x64 complete with the latest updates. All antivirus applications were installed with default settings and updated at the time of scanning to ensure signatures were fully up to date.

Over the course of six days, the Polish company subjected 10 free IT security products to thousands of malware samples that were obtained in cooperation with independent researchers. To make the testing as challenging as possible, the malicious applications were collected just 24 hours prior to each test day.

Emsisoft scores highest detection rate

We’re proud to report that Emsisoft emerged at the very top of the charts. Emsisoft Emergency Kit detected 17,483 of the 18,562 malware samples (93.73 percent), earning us the AVLab Best+++ Award!

A few of our competitors didn’t fare as well, with the 24-hour freshness of infected files proving to be too much of a challenge for some (we’re looking at you here, Windows Defender).

In addition to our great detection score, AVLab also noted that Emsisoft Emergency Kit’s scan duration was on the speedy side. On-demand scanning can be a time-consuming process (one of the tested products took several hours to complete a scan!), so we are happy to see our efforts in creating a lightweight, bloat-free product paying off even in stringent test conditions.

Yet we are not surprised at the results, as Emsisoft Emergency Kit’s scanning and removal technology is the same that powers our flagship product, Emsisoft Anti-Malware, which boasts class-leading behavior blocking to prevent even the smartest malware from harming your computer.

About AVLab

AVLab tests are independent, reliable and painstakingly crafted to resemble real-world conditions. The malware samples used in this test are obtained via independent researchers rather than through security software developers. This allows for total impartiality and ensures antivirus developers are unable to artificially boost their threat detection scores.

Want to learn more about the test? Download the full report in Polish or English, or check out the awards we’ve won in the past on our awards page.

Emsisoft has been in the ransomware protection game for a long time. Over the years, we’ve continued to hone our software and today we’re proud to offer one of the best products in the industry when it comes to protecting users against illegal encryption tactics.

Unfortunately, many PC users still rely solely on Windows’ own protection measures. Despite Microsoft making some improvements to its security software in recent years, Windows Defender remains far from a perfect solution. In fact, in a recent AV-Test assessment of 18 Windows 10 security suites, Windows Defender tied for last place due to sub-par protection and performance.

Nevertheless, we’re happy to see Microsoft taking a more proactive approach to security with the arrival of the latest Fall Creators Update, which includes, among other things, a dedicated ransomware protection feature.

Is it any good? How does it compare to Emsisoft’s Anti-Ransomware module? And, most importantly, is it enough to keep your computer safe?

Let’s find out.

What does Windows’ new Ransomware protection actually do?

The Fall Creators Update comes packed with a bunch of security improvements aimed at tightening up the Windows 10 architecture. This includes the removal (from clean Windows 10 installs, at least) of the woefully vulnerable SMBv1 protocol, which was responsible for the massive WannaCry and Petya ransomware outbreaks earlier this year.

In the hopes of preventing a similarly devastating cyberattack, Microsoft has also rolled out Controlled Folder Access, a brand new security feature that is essentially Microsoft’s answer to the growing ransomware threat.

Controlled Folder Access is a new component of Windows Defender. As the name implies, it works by preventing applications from making unwanted changes to certain folders. When Controlled Folder Access is enabled, only whitelisted apps are able to modify Windows system files and data folders, meaning – in theory, at least – that your mission-critical data should be safe in the event of a ransomware infection.

While this might sound appealing, the vast majority of our users do not need to worry about activating Controlled Folder Access because Emsisoft Anti-Malware provides much better protection against ransomware (for reasons we’ll get into shortly!). In addition, Controlled Folder Access also requires Windows Defender to be activated in order to work, and we generally recommend not using two antivirus products at the same time. Nevertheless, if for some reason you really want to use Controlled Folder Access in conjunction with Emsisoft Anti-Malware, simply:

This will reactivate Windows Defender and you will gain access to Controlled Folder Access. Emsisoft Anti-Malware will not be listed in the Windows Defender Security Center, but it will still be functioning and protecting you as usual. However, as mentioned, it is not necessary to have both activated and we recommend against doing so.

By default, Controlled Folder Access is disabled. If you wish to enable it, follow these steps:

Open the Start Menu

Type “Windows Defender Security Center” and open the app

Select Virus & threat protection

Click Virus & threat protection settings

Scroll down until you find the Controlled folder access section

Click the on/off toggle to enable the feature

Once Controlled Folder Access is enabled, you can use the Protected folders sub-option to select which folders you wish to protect (e.g. folders containing important photos, documents and other personal files). Windows system folders are protected by default. You can also use the Allow an app through Controlled folder access section to create a whitelist of trusted programs that are allowed to modify files in the protected folders.
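The same configuration done from PowerShell, as an added example that is neither Microsoft's documentation nor Emsisoft's code: it adds user data folders beyond the system folders protected by default, whitelists a trusted application, starts in audit mode so legitimate writers can be identified before anything is blocked, and lists the audit and block events. The folder paths, the application path and the Defender event IDs used in the query are assumptions for illustration.

```powershell
# Added example (not Microsoft's or Emsisoft's code): configure Controlled Folder
# Access from PowerShell, starting in audit mode, and review what it would block.
#Requires -RunAsAdministrator

# Folders to protect in addition to the Windows defaults (assumed locations).
$extraFolders = @(
    "$env:USERPROFILE\Projects",   # assumption: where this user keeps work files
    'D:\Photos'                    # assumption: a second data drive
) | Where-Object { Test-Path $_ }

# Programs that legitimately write to those folders (placeholder path).
$allowedApps = @(
    'C:\Program Files\ExampleVendor\backup.exe'
) | Where-Object { Test-Path $_ }

function Enable-ControlledFolderAccessAudit {
    # Audit mode blocks nothing yet but logs every write that *would* be blocked,
    # which shows which legitimate apps still need whitelisting.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    if ($extraFolders) { Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolders }
    if ($allowedApps)  { Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApps }
}

function Get-ControlledFolderAccessStatus {
    # Summarize the current configuration; mode 0 = Disabled, 1 = Enabled, 2 = AuditMode.
    $p = Get-MpPreference
    [pscustomobject]@{
        Mode             = $p.EnableControlledFolderAccess
        ProtectedFolders = $p.ControlledFolderAccessProtectedFolders
        AllowedApps      = $p.ControlledFolderAccessAllowedApplications
    }
}

function Get-ControlledFolderAccessEvents {
    # Blocked (1123) and audited (1124) writes from the Defender operational log.
    # Assumption: these are the event IDs documented for Controlled Folder Access;
    # confirm them against your Windows build before relying on this query.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

Enable-ControlledFolderAccessAudit
Get-ControlledFolderAccessStatus | Format-List
Get-ControlledFolderAccessEvents | Format-Table -AutoSize

# Once the audit log shows only expected writers, switch to blocking mode with:
#   Set-MpPreference -EnableControlledFolderAccess Enabled
```

Anything outside the protected folder list is still writable by any program, so the list, not the toggle, determines what the feature actually shields.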

What does Emsisoft do differently?

Let’s imagine you’re a security-conscious homeowner living in a particularly bad neighborhood. You know that a break-in is probably going to happen sooner or later, so you put your most important belongings in a rock-solid safe that can only be accessed by people you specifically approve. Sure, everything outside the safe is vulnerable to damage and theft, but at least you know that your most treasured belongings are safe in the event of a home invasion.

This is the basic philosophy behind Controlled Folder Access. It doesn’t prevent criminals from breaking in, it doesn’t actively stop them from meddling with your things, but it does allow you to put your most prized possessions in a safe zone that the bad guys can’t access.

To continue with our analogy, now let’s imagine that you want a more proactive security solution. Rather than simply investing in a safe, you install floodlights and security cameras around the perimeter of your home. Your security system automatically monitors your property and is smart enough to be able to distinguish between benign behavior (say, a curious cat wandering up your driveway) and suspicious activity (someone snooping around your windows). It’s advanced enough to stop would-be criminals before they lay a finger on your belongings rather than waiting for the criminal activity to happen before responding.

This second scenario is Emsisoft’s approach to ransomware. Our advanced Behavior Blocker and Anti-Ransomware module continuously monitor all active programs, watch for any behavioral patterns that are consistent with ransomware attacks and stop the offending application long before your files are encrypted. This behavioral monitoring enables Emsisoft Anti-Malware to prevent ransomware attacks from both known and unknown threats. Other anti-ransomware products, on the other hand, can only detect ransomware with known signatures, meaning their protection only kicks in after your files have been encrypted.

Simply put, Emsisoft Anti-Malware is far superior to Controlled Folder Access when it comes to protecting your computer from ransomware. If you are already running Emsisoft Anti-Malware on your machine, there is no need to activate Windows Defender or enable Controlled Folder Access.

You can get further insight into how Emsisoft handles ransomware in the following YouTube video from Malware Geek:

Is Windows enough to protect you from ransomware?

In a word: no. With Controlled Folder Access, no program – besides those on the whitelist – is able to access, edit or change the files within these protected folders. This means that even if your computer is infected with ransomware, your system files and important data will be impervious to encryption and safe from harm. Now, this might sound like a bulletproof strategy. However, while Controlled Folder Access does provide a basic level of protection, there are a few flaws in this sort of reactive, all-or-nothing approach.

1. It doesn’t actually combat ransomware

One of the key flaws with Controlled Folder Access is that it doesn’t actively prevent ransomware from infecting and taking over your machine. Instead, it locks away your critical data to ensure the bad guys can’t get their hands on it.

2. You’re still going to see encryption notices

In the event of a ransomware infection, everything inside your protected folders is safe, but what happens to the files in your non-protected folders? Answer: they get encrypted. Even if some of your files are safe, your machine as a whole will still be rendered unusable, which is incredibly disruptive for businesses and home users alike. In addition, you’ll still be subjected to encryption notices and ransom demands from the criminals, and many people will be tempted to pay up in order to regain access to their machines.

3. Potential compatibility issues (but not with Emsisoft!)

Controlled Folder Access is not a standalone feature and requires you to enable real-time protection in Windows Defender. Why is this a problem? Well, according to Rob Lefferts, director of program management for Windows enterprise and security, Windows Defender plays nicely with about 95 percent of Windows 10 PCs that have third-party antivirus software installed. But that still leaves 5 percent of people who may experience compatibility issues when attempting to use Controlled Folder Access in conjunction with their antivirus application.

A step in the right direction

Let’s give credit where credit is due. Controlled Folder Access is a step in the right direction. It’s great that Microsoft recognizes just how damaging ransomware is becoming and is making moves to protect users who rely on Windows Defender Security Center. However, it is not an ideal anti-ransomware solution, largely because it merely stops programs from modifying protected files rather than actively preventing or fighting ransomware. With this in mind, it may be better to think of Controlled Folder Access as a data protection tool rather than a comprehensive ransomware-fighting security feature.

Bottom line: Controlled Folder Access promises to be a great supplementary security tool, but it’s no replacement for proven anti-ransomware software such as Emsisoft Anti-Malware. When used on its own, Controlled Folder Access is much better than nothing, but it does have some significant flaws to be aware of.

Will you be enabling Controlled Folder Access? Why or why not? Let us know in the comments below!

In the past, the only way our partners could renew Emsisoft Anti-Malware licenses was to select them in our Reseller Portal and go through the checkout process for each license individually. While this was perfect for smaller orders, it was a bit tedious for partners who needed to renew several licenses every single day.

Today we’re delighted to announce the launch of our new and improved Reseller Portal, which is designed to make life easier for our resellers by streamlining the license renewal process.

Introducing bulk renewal coupons

An important part of the Reseller Portal upgrade is the introduction of stock renewal coupons, which can be applied to existing active licenses, allowing you to renew them at any later time. You can buy stock renewal coupons either via the reseller panel’s order page (minimum 10 units) or via our international distributors.

Note that if you choose to purchase through a distributor, you’ll need to assign the coupons to your reseller account if your distributor hasn’t already done so. This can be done with a simple copy/paste at the bottom of the “Manage Licenses” page. After assigning the coupons to your account, they will become visible as “Renewal” in the “Inactive Licenses” list.

How to use renewal coupons

Extending an active license is now faster and easier than ever before. To do so, simply:

Select an active license.

Click the hamburger (stacked lines) menu located on the right side.

Select a “Renew with stock license” option, which will be visible if you have any unused renewal coupons that match the selected key in the “Product” column and the number of seats available.

Done!

Automation via API

The second way to extend a license with a renewal coupon is by using our public REST API, which can be easily integrated into your own CRM and billing systems. API access is available on request.

Your Emsisoft partner manager will be able to provide an API key and developer instructions.

The highlight of this month’s update is the arrival of MSI setup files for Emsisoft Anti-Malware, which will undoubtedly come in handy for advanced users and network administrators alike. Together with Emsisoft Enterprise Console, they can be used for time-efficient group policy deployment in larger Windows networks. A new, smaller web installer is now also available for download. It reduces the required download traffic to a minimum, transferring only data that is required for your operating system edition.

How to obtain the new version

As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users, please download the full installer from our product pages.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Have a great, well-protected day!

How to get a job in cybersecurity
https://blog.emsisoft.com/2017/10/25/how-to-get-job-cybersecurity/
Wed, 25 Oct 2017

Cybersecurity is big business – and it’s only going to get bigger. In fact, the world will spend around $86.4 billion on information security products and services before the end of the year, according to figures collated by Gartner. This represents an increase of 7 percent from 2016.

Given the market’s explosive growth, perhaps it shouldn’t come as too much of a surprise to learn that there’s a significant skill shortage in the industry. ISACA, an independent organization that advocates for information systems personnel, estimates that there will be a global shortage of two million cybersecurity professionals by 2019.

The demand is clearly there, but getting into the industry can be a bit confusing, particularly when compared to other career paths. Lawyers go to law school, tradespeople take up apprenticeships, but where do you go if you want a job in cybersecurity?

To find out, we talked to a bunch of people at Emsisoft and reached out to those in the wider InfoSec community who are working hard to stay one step ahead of cybercriminals. Here’s what they had to say:

Do you need a degree to get a job in cybersecurity?

Countless colleges and universities around the world offer undergraduate and postgraduate programs specializing in computing and cybersecurity. Acquiring a college degree doesn’t guarantee you a job, but it does show that you have a fundamental understanding of IT security. It demonstrates your commitment to your career and can be an important asset if you’d like to one day move into a management position.

That said, getting a college degree is not a prerequisite to getting a cybersecurity job – in fact, none of our malware analysts, who are among the best in the industry, have got a cybersecurity degree :). In the IT world – perhaps more so than in other white collar industries – experience is always the most valuable thing to have on your resume. Being able to show that you can apply your skills and knowledge in the real world helps you stand out from other candidates who may be qualified but lacking in practical experience.

For Michael (AKA Demonslay335), a software analyst and senior bench technician at MalwareHunterTeam, a passion for programming naturally led to a career in cybersecurity.

“I’ve always been a programmer, so seeing how things break has just been an extension of that. Hacking (and defending from it) has always been an interest to me, and in particular when it comes to doing so with cryptography. This is naturally how I became interested particularly with ransomware – programming plus cryptography.”

While passion certainly helps fuel the fire, in many cases you may need formal learning to plug certain knowledge gaps or broaden your skillset. Many cybersecurity professionals, including Emsisoft’s Head of Support David (otherwise known as hoverdave), say their career is the culmination of both practical experience and in-school training.

“I started by learning about viruses for Apple IIe in about 1984, and trying to figure out how they work. I was more interested in advanced infections, but didn’t touch them until much later when I started learning how to clean them in 1991, then specialized in the small shop I ran in 2005. I started training in a UNITE malware removal school (geekstogo.com) in 2010, and now I teach at Geeks To Go and Bleeping Computer, in addition to working here at Emsisoft.”

TL;DR: You don’t need a degree for a career in cybersecurity, but formal education can help.

Salary expectations for cybersecurity jobs

The cybersecurity industry pays well for the right people. In 2016, the median annual wage for information security analysts was $92,600, according to the United States Department of Labor. The lowest 10 percent earned a salary of less than $53,760, while the highest 10 percent earned more than $147,290. Security analysts working in management, scientific, and technical consulting services sectors had the highest median wage of $101,440. Of course, these numbers can vary wildly depending on your experience, qualifications and location.

Despite the handsome salary, money isn’t necessarily the be all and end all when it comes to choosing a career. Many people get into cybersecurity not for the money, but for the challenges involved with fighting malware and out of a desire to help and protect others.

TL;DR: In the US, the median salary for information security analysts is $92,600.

How to start a career in cybersecurity

As with any career choice, there’s no one-size-fits-all blueprint to securing a position in the cybersecurity field. However, there are a number of things you can do to greatly improve your chances:

1. “Study. Research. Be intent about it and don’t give up” – hoverdave

“If you learn something,” says hoverdave, “and it leads to a new term or concept you don’t understand, write down what you were researching, then research the new thing. Keep doing that until you fall off your chair, then do it again the next day. That level of research is the main difference between those who know and those who don’t, and it can be done completely on your own, without paid schooling (which is also important on a resume).”

Broaden and deepen your technical skills by enrolling in a relevant course at your local community college, or make use of websites such as edX that offer free, reputable programs from real universities.

TL;DR: Be curious and never stop learning.

2. “Get involved in learning and in the community” – xXToffeeXx

Networking is still key. No, we’re not talking about firewalls and ethernet cables (though you should probably know how that stuff works, too!) – we’re talking about using your connections to aid your professional development.

“Get involved in learning and in the community,” recommends Emsisoft malware analyst Sarah, more commonly known as xXToffeeXx. “There are a number of good resources out there. For example, the MalwareAnalysisForHedgehogs and MalwareTech channels on YouTube make good tutorial videos for malware reversing.”

There are many ways to connect with the IT security community. Attending meetups and conferences, making friends with existing security professionals and generally making yourself known in the security community are all excellent ways to get your name out there. Meeting people virtually via Twitter and LinkedIn can also be beneficial.

Sarah credits the InfoSec community for ultimately helping her secure a job in the industry.

“While browsing the internet, I stumbled across BleepingComputer; a community which dedicates itself to helping others with computer issues. My attention was instantly drawn to the malware related sections, where I became fascinated with how those helping managed to take a severely infected system and disinfect it. BleepingComputer helped connect me with a number of people, many of whom I’m good friends with to this day, and ultimately led to my job at Emsisoft.”

TL;DR: Connect with and learn from the InfoSec community. They are generally a very helpful bunch!

As we noted earlier, formal education isn’t always necessary for getting a job in cybersecurity, but obtaining the relevant certifications sure can help. CompTIA Security+ is just one example of a respected and widely-recognized entry level certificate.

There are many ways to gain IT security experience without going to college. One of the most common paths involves getting your foot in the door with an entry-level position in customer service, technical support, computer programming and so on.

As you gain experience in this role, try to take on more security-related tasks, gradually hone your skills and move into increasingly security-focused roles. While working your way through the ranks, be sure to make use of self-directed learning (more on that later!) to continue to expand your skillset and show prospective employers what you can do.

Before you know it, you’ll have a healthy amount of experience under your belt and will be well-equipped for a fully fledged position in cybersecurity!

TL;DR: Stay thirsty for knowledge.

4. Use your initiative

Experience is critical for developing a good career in cybersecurity. Due to the sheer breadth of the industry, it sometimes can be challenging to gain relevant experience in some IT roles, but with a bit of initiative it’s possible to build your practical knowledge with self-directed learning such as:

Teaching yourself to code: From JavaScript to Ruby and everything in between, the internet is awash with comprehensive resources that can teach you how to code completely free of charge. Codecademy, for example, is a great place to start!

Open source projects: Test your technical abilities while building on your teamwork skills by creating or contributing to an open source project. GitHub is a fantastic platform for collaborating with like-minded developers around the world.

Cybersecurity contests: Put your skills to the test in a competitive environment. Contests such as CSAW give you the opportunity to use your initiative to solve simulated IT security problems.

Broaden your responsibilities: Volunteer to handle more security-related tasks in your current role. This hands-on experience is a superb way of broadening your skillset and prepares you for progressing into a more security-oriented position farther down the track.

TL;DR: Use your initiative to take on more cybersecurity duties and make a name for yourself.

5. Brush up on your soft skills

Like it or not, cybersecurity isn’t just staring at computer screens all day. Whether you’re working in a team or providing support to other employees, a big chunk of your day-to-day responsibilities revolves around being able to communicate effectively, whether that’s IRL or online. With this in mind, be sure to sharpen up your social skills as well as your technical expertise.

TL;DR: Know how to talk to people. Both online and IRL.

The future of cybersecurity and you

“The field is always changing and it’s interesting to theorize what the future may be.” – xXToffeeXx

The cybersecurity industry is rapidly expanding. In the years ahead, people around the globe will increasingly come to depend on upcoming, tech-savvy talent to protect their data from malicious digital threats. This is your opportunity to follow your passion while using your skills to help exterminate cybercrime and make a positive difference in the world.

If you’re thinking about a career in cybersecurity, there really is no better time to start pursuing your dream job than right now.

Do you have any questions about starting a career in cybersecurity? Let us know in the comments below and we’ll be sure to answer them as best we can!

Independent antivirus software testers AV-Comparatives recently released the results of their September Malware Protection Test. Guess who walked away with the highest accolade possible?

Emsisoft scores highly on protection rates

AV-Comparatives’ Malware Protection Test is a rigorous assessment that pits security software products against more than 20,000 recent and prevalent malware samples. Using strict testing methodologies, AV-Comparatives is able to see how well a security program can protect a system before, during and after a malicious file is executed.

We’re proud to announce that, even in the face of such stringent testing, Emsisoft Anti-Malware emerged with flying colors and was granted the Advanced+ Award.

To be considered for this top award, products had to score highly in two key categories:

Protection rate

In years gone by, AV-Comparatives relied on detection-only tests to judge a product’s effectiveness. While detection is still an important part of the testing process, this year the organization also introduced a protection element, which evaluates how well a product can prevent a malicious program from making changes to the target system.

Emsisoft excelled in this department, scoring a fantastic protection rate of 99.99 percent.

False positives

To assess file detection capabilities, AV-Comparatives also subjected the products to a false alarm test to evaluate how effectively they could distinguish good files from malicious ones.

Emsisoft produced just six false alarms, while others flunked out completely with as many as 274 false alarms!

We’re not in it for the glory, but we’re very happy to be recognized by AV-Comparatives for our efforts in combating malware. We’ll continue to strive to provide you with the best lightweight malware protection on the planet.

AV-Comparatives

AV-Comparatives is an independent, Austrian-based organization dedicated to evaluating the effectiveness of security products. Drawing from an enormous database of malware samples, AV-Comparatives is able to create a structured testing environment that reveals how well antivirus software really performs. The organization is one of the most widely recognized and reputable security software testing groups in the industry.

You can see the full results of the Malware Protection Test September 2017 here or check out our trophy cabinet of awards we’ve received in the past here.

Ransomware is no laughing matter; just ask the thousands of victims that have had their personal or business files locked away. Yet every once in a while, there are definitely moments in the lab when we can’t help but smile, scratch our heads and wonder “what on earth were the hackers thinking?”.

We want to share some of those moments with you. Here are 10 of the weirdest, strangest and most ridiculous ransomware samples we’ve encountered over the last few years.

1. Popcorn Time

Popcorn Time (unrelated to the streaming application) looks like something the Joker might have concocted if he were a little more tech savvy. Divisive and dastardly, Popcorn Time is one of few strains of ransomware that actively turns regular users against each other.

After infecting your machine and encrypting your files, Popcorn Time generously offers to decrypt your files on one condition: you infect two other people and they pay the ransom. This provides a pretty strong incentive for victims to voluntarily turn into cybercriminals themselves in a desperate attempt to regain access to their files. To complicate matters even further, Popcorn Time starts randomly deleting files if you enter the incorrect decryption key four times.

2. Hitler Ransomware

The bizarrely named Hitler ransomware surfaced in August 2016. After successfully infecting a machine, the ransomware displays a lock screen featuring Hitler himself and announces that your files have been encrypted and can only be retrieved if you fork over a very specific ransom – a €25 Vodafone cash code.

However, despite what the ransomware insists, no encryption actually takes place. Instead, the ransomware simply removes the extensions of a number of files and then displays the ransom note lock screen, which features a 60 minute countdown timer. When the timer reaches zero, the ransomware crashes the computer and, upon reboot, deletes all the files on the victim’s user profile.

3. Nudes Ransomware

Some hackers are out to make money. Some want the infamy. Others simply want to see you naked.

September 2017 saw the arrival of nRansom, a hilarious piece of ransomware featuring images of Thomas the Tank Engine and the Curb Your Enthusiasm soundtrack. nRansom locks your computer and proclaims it will only unlock the device if you send 10 nude pictures of yourself to a certain email address, after which the criminals will sell your nudes on the deep web.

While this might sound fairly menacing, in all probability nRansom is little more than a gag application intended to be sent to ‘friends’. The locker is incredibly basic, full of bugs and easy to remove.

If you somehow manage to get infected with nRansom, simply:

Enter the unlock code 12345.

Click the unlock button.

Realize the unlock button isn’t actually functional.

Press Ctrl + Alt + Del to open the Task Manager.

Select nRansom.

Click End task.

Done. No nudity required.

4. Fabiansomware

Click at your own risk ;)

After months of being repeatedly thwarted by Emsisoft CTO Fabian Wosar, the criminals behind Apocalypse ransomware decided to pay their adversary the highest level of respect: they renamed their ransomware after him.

Over the course of a few months, Fabian and his team released a number of free decrypter tools to help victims of the poorly coded Apocalypse ransomware.

In frustration, the criminals attempted a smear campaign, rebranding their ransomware to Fabiansomware, delivering ransom notes in his name and using the email address fabiansomware@mail.ru to request payments.

5. RensenWare

RensenWare puts your gaming abilities to the test. After encrypting your computer, the ransomware threatens that your files will be lost forever unless you manage to score more than 200 million points in the LUNATIC level of shooting game TH12 – Undefined Fantastic Object.

As you might have guessed, RensenWare turned out to be a joke and was never intended for distribution. The author quickly released a tool that causes the game to believe the user achieved the points necessary for decryption. While there’s no real malice behind RensenWare (although its encryption really does work), it does highlight the potential for creative malware.

6. Educational Ransomware

There’s a very strange, niche breed of ransomware that attempts to – quite literally – teach its victims a lesson about internet security. Koolova is one such example.

After encrypting your files, the ransomware scolds you for downloading dodgy applications and informs you that the only way to retrieve your data is to read two online articles: one from the Google Security Blog; the other from BleepingComputer.

Peruse the content before the countdown reaches zero, and Koolova will give you the decryption key to get your files back. Fail to read the articles, and Koolova deletes the encrypted files. Tough love, indeed.

Our tip: just subscribe to the Emsisoft newsletter and get all the internet security lessons you need ;)

7. Trump Locker ransomware

Right as the 2016 US election was approaching fever pitch, we caught wind of the Donald Trump ransomware, a locker closely related to the VenusLocker ransomware family.

After successfully encrypting your files, the ransomware briefly displays an image of Donald Trump’s face, along with the message “YOU ARE HACKED!” before presenting the ransom window with payment information.

Sad!

8. Merry Christmas

Unfortunately, holiday-themed malware is often very effective and 2016’s Merry Christmas ransomware was no exception. Distributed via emails that appear to be from the Federal Trade Commission, the ransomware installer comes disguised as an innocuous PDF file.

When executed, it encrypts your files and displays a festive ransom note that includes payment details, a countdown showing time remaining until your files are deleted and cheery MERRY CHRISTMAS text.

9. VindowsLocker

Toward the end of 2016 VindowsLocker emerged, a piece of ransomware that, instead of communicating via shadowy parts of the deep web, directs victims to contact a call center. It was a bizarre case of ransomware posing as tech support, the polar opposite of the usual scam in which tech support fraudsters use scare tactics to convince victims to pay a fee to bypass a lock screen.

Things got even stranger when, in a weird twist, it was later revealed that the ransomware had actually been developed by a group of people who had made VindowsLocker to get revenge on tech support scammers.

10. Pop Culture Ransomware

Finally, there’s a healthy cross section of ransomware that pays tribute to various pop culture icons.

Jigsaw: Inspired by the Saw movie antagonist of the same name, Jigsaw Ransomware deletes files from your computer every hour until you pay the ransom.

Kirk: Following a long line of Star Trek-themed malware, Kirk is one of the first ransomware samples to demand ransoms in the Monero cryptocurrency.

While it’s fun to look back at some of the odd ransomware we’ve encountered, it’s important to keep in mind that being infected with ransomware is rarely amusing for the victim, so keeping your computer safe before ransomware can infect your files is paramount.

What’s the weirdest, funniest or most random malware that you’ve come across? Let us know in the comment section below!

Our international reseller network has witnessed phenomenal growth over the last few years. Today, Emsisoft works hand in hand with thousands of partners in 119 countries around the globe to provide customers with the malware protection they need to keep their data safe.

And today, selling Emsisoft solutions got even easier.

Based on the invaluable feedback from our existing resellers, we’ve completely redesigned our reseller portal for improved workflow and greater efficiency, equipping our partners with the very best tools for selling Emsisoft products.

New location

With the brand-new Reseller Portal comes a fresh new location. You can now find everything you need at: https://reseller.emsisoft.com (make sure to update your bookmarks!)

New license renewal reminders

You can now choose whether you wish to receive license renewal reminders 45 days prior to the license’s end. Reminder emails are bundled for all licenses that are about to expire within the same day.

Emsisoft Reseller Portal: License Renewal Reminder

Improved checkout

Great news: we streamlined our checkout so double logins are no longer required to buy a product. You can now also bundle multiple Emsisoft products in the same checkout process.

Stock licensing options to buy 10+ licenses of a product in advance offer great discounts and streamline your internal workflow.

Suggests you investigate if a customer’s malware protection has not been updated for a longer period of time.

These features help you stay up to date about events that potentially threaten your customers’ security.

New search and view filters allow you to locate keys that are most relevant for your sales activities, while flexible sorting functionality among all data tables helps you to quickly navigate through your keys.

The new “unassign” feature can be used to remove licenses from your reseller account if you or your customers wish to do so.

Emsisoft Reseller Portal: New License Management panel

New order history

The redesigned order history panel shows all your past orders of new and renewed licenses and comes in handy for monthly reports.

Marketing resources

Check out our extensive marketing resources that help you set Emsisoft products apart from competitor offerings. Product brochures, data sheets and Emsisoft’s brand assets are at your disposal from within the portal.

Outlook

For the upcoming months we have planned to introduce even more new features to help our partners sell Emsisoft products in their local markets. New functionality will be continuously added, so stay tuned!

If you’re a computer software reseller and not yet a member of the Emsisoft reseller network, please sign up today! There is no minimum sales requirement to get started.